🚨 InMotion Hosting’s cPanel Update Breaks Checkout and Login — What You Need to Know
Date: July 2025
Author: PrestaHeroes Support Team
⚠️ Experiencing broken checkout or login? This could be why
If your site is hosted with InMotion Hosting and your checkout or login pages suddenly stopped working — you're not alone.
The issue stems from a recent cPanel upgrade pushed out by InMotion Hosting. This update enforces a strict Content Security Policy (CSP) header at the server level — with no warning and no opt-out.
The result? Inline scripts, external services like PayPal or Stripe, Google Fonts, and even login form validation are suddenly blocked — breaking the core functions of many ecommerce websites.
🛑 What platforms are affected?
This isn’t just a PrestaShop problem. The CSP enforcement is site-wide — affecting any platform that relies on inline code or external scripts.
- PrestaShop
- WooCommerce / WordPress
- Magento
- OpenCart
- Custom PHP/HTML sites
- Legacy Shopify apps running on custom domains or behind proxies
🔍 What symptoms should you expect?
- Checkout doesn’t work or loads incompletely
- Login and registration forms silently fail or refresh
- Missing payment options (PayPal, Stripe, Square)
- Google Fonts and icons don’t display
- Browser dev tools show CSP violation errors
🧠 Why this happened
The CSP header now being injected looks like this:
Content-Security-Policy: default-src 'self'
This is an extremely strict rule that blocks:
- Inline JavaScript and CSS
- External fonts, payment buttons, and widgets
- AJAX requests to third-party domains
If your site uses any of these — and nearly every modern site does — this policy will break your storefront.
✅ What you can try (but may not work)
Add this override to your .htaccess
file:
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:"
</IfModule>
However, many users report this has no effect — because the header is injected at the server or Apache config level, not from your application.
📞 What to tell InMotion Hosting
If your override doesn’t work, contact InMotion support and send them this message:
Your recent cPanel upgrade is injecting a Content-Security-Policy header that is breaking checkout and login on our site. We have attempted to override this via .htaccess, but the header persists. Please remove or relax this header at the server level.
This is a hosting-level issue and requires their intervention.
💡 Final Thought: Time to move forward?
These kinds of issues — random server policy changes, PHP version mismatches, cPanel surprises — are a major reason why many merchants are migrating to Shopify.
Shopify lets you focus on selling — not patching .htaccess files and chasing server support.
If you're done dealing with hosting drama, we can help you migrate cleanly from PrestaShop, WooCommerce, or Magento to Shopify.